What's wrong with my BIND setup?

Chris asked:

So I have been trying to set up BIND / named as a primary / secondary name server for a domain name I purchased a while back, because I switched my hosting plan from shared to VPS recently. I think I have everything set up properly (for the most part), but when I go to ping the domain name I have registered, the command prompt just says unknown host. I made sure I registered the name servers with the domain name registrar, and I can ping the name servers. So I know that part is working, but for whatever reason I cannot ping my domain name.

The domain name I am referring to is chrisrjones.com

The named.conf looks like the following, http://pastebin.com/cphG1yWy

The fwd.chrisrjones.com file looks like the following, http://pastebin.com/G7iXCdLz

and the reverse, pastebin.com/Hk9pyEHu

My answer:

Let’s start with some sanity checks.

From your whois record:


Looks good.

Do the TLD servers for com. have this information?

$ host -v -t ns chrisrjones.com. a.gtld-servers.com
Trying "chrisrjones.com"
Using domain server:
Name: a.gtld-servers.com
Address: 2001:503:a83e::2:30#53

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15725
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;chrisrjones.com.               IN      NS

chrisrjones.com.        172800  IN      NS      ns1.chrisrjones.com.
chrisrjones.com.        172800  IN      NS      ns2.chrisrjones.com.

ns1.chrisrjones.com.    172800  IN      A
ns2.chrisrjones.com.    172800  IN      A

Received 101 bytes from 2001:503:a83e::2:30#53 in 119 ms

Still looking good.

Do your nameservers work?

$ host -v -t ns chrisrjones.com.
Trying "chrisrjones.com"
Received 33 bytes from in 88 ms
Trying "chrisrjones.com"
Using domain server:

Host chrisrjones.com not found: 5(REFUSED)
Received 33 bytes from in 89 ms

No, it refused our query!

$ host -v -t ns chrisrjones.com.
Trying "chrisrjones.com"
;; connection timed out; trying next origin
Trying "chrisrjones.com"
;; connection timed out; no servers could be reached

No, it’s down!

OK, let’s start with your nameserver that’s up. In the options in named.conf you have, among other things:

allow-query { localhost; };
recursion yes;

So, queries are only allowed from the local host! All others get refused.

For a proper authoritative name server, you should allow access from anywhere and turn off recursion.

allow-query { any; };
recursion no;

Once you get that straight, you’ll find that your zone has no A (or AAAA) records, so nobody can look up the address for, say, www.chrisrjones.com. Be sure to add the appropriate A and AAAA records.

Finally, your secondary DNS server doesn’t exist, and it would be on the same subnet even if it did. This effectively breaks the redundancy that having two or more nameservers is supposed to provide. Consider locating your other DNS server somewhere else, for instance on another server in another country, or with a third-party provider.
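The three faults in the answer above (a restrictive allow-query plus recursion yes on an authoritative server, a zone with no A/AAAA records, and both nameservers on one subnet) can be caught before named is even started. Here is an added, offline lint for them; it is example code written for this page, not Chris's files nor anything from the BIND project. The named.conf fragments and zone files are constructed, the zone is the placeholder example.com., the addresses are documentation ranges, and the defaults assumed when a directive is absent (allow-query any, recursion yes) are the BIND 9 defaults.

```python
"""Offline lint for the three problems diagnosed above (constructed example, not the question's files)."""
import ipaddress
import re

# Constructed named.conf fragments: the weak settings beside the corrected ones.
BROKEN_OPTIONS = """
options {
    allow-query { localhost; };
    recursion yes;
};
"""
FIXED_OPTIONS = """
options {
    allow-query { any; };
    recursion no;
};
"""
# Constructed zone files for the placeholder zone example.com.
ZONE_MISSING_A = """
$TTL 86400
@    IN  SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 86400 )
     IN  NS  ns1.example.com.
     IN  NS  ns2.example.com.
"""
ZONE_OK = """
$TTL 86400
@    IN  SOA ns1.example.com. hostmaster.example.com. ( 2024010102 3600 900 604800 86400 )
     IN  NS  ns1.example.com.
     IN  NS  ns2.example.com.
     IN  A   203.0.113.10
www  IN  A   203.0.113.10
ns1  IN  A   203.0.113.10
ns1  IN  AAAA 2001:db8::10
ns2  IN  A   198.51.100.20
"""
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}

def parse_options(conf):
    """Pull allow-query and recursion out of the options {} block (assumes BIND 9 defaults when unset)."""
    m = re.search(r"options\s*\{(.*?)\n\s*\};", conf, re.S)
    body = m.group(1) if m else conf
    opts = {"allow-query": ["any"], "recursion": "yes"}
    aq = re.search(r"allow-query\s*\{([^}]*)\}", body)
    if aq:
        opts["allow-query"] = [t.strip() for t in aq.group(1).split(";") if t.strip()]
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec:
        opts["recursion"] = rec.group(1)
    return opts

def lint_options(conf):
    """Problems an authoritative-only server has with this options block."""
    opts, problems = parse_options(conf), []
    if "any" not in opts["allow-query"]:
        problems.append("allow-query { %s; } refuses everyone else; use allow-query { any; }"
                        % "; ".join(opts["allow-query"]))
    if opts["recursion"] == "yes":
        problems.append("recursion yes on an authoritative server; set recursion no")
    return problems

def absolute(name, origin):
    """Make an owner or target name fully qualified relative to the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(zone, origin):
    """Minimal zone reader: (owner, type, rdata) triples; skips $ directives and comments."""
    records, last_owner = [], "@"
    for raw in zone.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if raw[0].isspace():            # blank owner field = same owner as previous record
            owner = last_owner
        else:
            owner = last_owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0] in ("IN", "CH")):
            tokens.pop(0)               # optional TTL and class
        if tokens and tokens[0] in RR_TYPES:
            records.append((absolute(owner, origin), tokens[0], " ".join(tokens[1:])))
    return records

def lint_zone(zone, origin):
    """Flag a zone with no address records and in-zone NS names that lack glue A/AAAA records."""
    records = parse_zone(zone, origin)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = [] if addressed else [f"no A or AAAA records at all; www.{origin} cannot resolve"]
    for _, rtype, rdata in records:
        target = absolute(rdata, origin)
        if rtype == "NS" and target.endswith("." + origin) and target not in addressed:
            problems.append(f"in-zone nameserver {target} has no A/AAAA (glue) record")
    return problems

def lint_nameserver_placement(addresses, prefixlen=24):
    """Nameservers that all sit in one /prefixlen give no real redundancy."""
    if len(addresses) < 2:
        return ["fewer than two nameservers"]
    nets = {ipaddress.ip_network(f"{a}/{prefixlen}", strict=False) for a in addresses}
    return [f"all nameservers sit in {nets.pop()}; one outage takes the domain down"] if len(nets) == 1 else []

if __name__ == "__main__":
    print("broken options:", lint_options(BROKEN_OPTIONS))
    print("fixed options:", lint_options(FIXED_OPTIONS) or "ok")
    print("zone without addresses:", lint_zone(ZONE_MISSING_A, "example.com."))
    print("zone ok:", lint_zone(ZONE_OK, "example.com.") or "ok")
    print("same /24:", lint_nameserver_placement(["203.0.113.10", "203.0.113.11"]))
    print("diverse:", lint_nameserver_placement(["203.0.113.10", "198.51.100.20"]) or "ok")
```

The zone reader is deliberately small (one-line SOA, no $ORIGIN or $INCLUDE handling); for a production check you would use named-checkconf and named-checkzone, which ship with BIND, and then repeat the host queries from the answer against each nameserver from outside your own network to confirm that REFUSED is gone.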

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.